1// Code generated by protoc-gen-go. DO NOT EDIT. 2// versions: 3// protoc-gen-go v1.25.0 4// protoc v3.14.0 5// source: envoy/config/rbac/v2/rbac.proto 6 7package envoy_config_rbac_v2 8 9import ( 10 _ "github.com/cncf/xds/go/udpa/annotations" 11 core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" 12 route "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" 13 matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher" 14 _ "github.com/envoyproxy/protoc-gen-validate/validate" 15 proto "github.com/golang/protobuf/proto" 16 v1alpha1 "google.golang.org/genproto/googleapis/api/expr/v1alpha1" 17 protoreflect "google.golang.org/protobuf/reflect/protoreflect" 18 protoimpl "google.golang.org/protobuf/runtime/protoimpl" 19 reflect "reflect" 20 sync "sync" 21) 22 23const ( 24 // Verify that this generated code is sufficiently up-to-date. 25 _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) 26 // Verify that runtime/protoimpl is sufficiently up-to-date. 27 _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) 28) 29 30// This is a compile-time assertion that a sufficiently up-to-date version 31// of the legacy proto package is being used. 32const _ = proto.ProtoPackageIsVersion4 33 34// Should we do safe-list or block-list style access control? 35type RBAC_Action int32 36 37const ( 38 // The policies grant access to principals. The rest is denied. This is safe-list style 39 // access control. This is the default type. 40 RBAC_ALLOW RBAC_Action = 0 41 // The policies deny access to principals. The rest is allowed. This is block-list style 42 // access control. 43 RBAC_DENY RBAC_Action = 1 44) 45 46// Enum value maps for RBAC_Action. 47var ( 48 RBAC_Action_name = map[int32]string{ 49 0: "ALLOW", 50 1: "DENY", 51 } 52 RBAC_Action_value = map[string]int32{ 53 "ALLOW": 0, 54 "DENY": 1, 55 } 56) 57 58func (x RBAC_Action) Enum() *RBAC_Action { 59 p := new(RBAC_Action) 60 *p = x 61 return p 62} 63 64func (x RBAC_Action) String() string { 65 return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) 66} 67 68func (RBAC_Action) Descriptor() protoreflect.EnumDescriptor { 69 return file_envoy_config_rbac_v2_rbac_proto_enumTypes[0].Descriptor() 70} 71 72func (RBAC_Action) Type() protoreflect.EnumType { 73 return &file_envoy_config_rbac_v2_rbac_proto_enumTypes[0] 74} 75 76func (x RBAC_Action) Number() protoreflect.EnumNumber { 77 return protoreflect.EnumNumber(x) 78} 79 80// Deprecated: Use RBAC_Action.Descriptor instead. 81func (RBAC_Action) EnumDescriptor() ([]byte, []int) { 82 return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{0, 0} 83} 84 85// Role Based Access Control (RBAC) provides service-level and method-level access control for a 86// service. RBAC policies are additive. The policies are examined in order. A request is allowed 87// once a matching policy is found (suppose the `action` is ALLOW). 88// 89// Here is an example of RBAC configuration. It has two policies: 90// 91// * Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so 92// does "cluster.local/ns/default/sa/superuser". 93// 94// * Any user can read ("GET") the service at paths with prefix "/products", so long as the 95// destination port is either 80 or 443. 96// 97// .. code-block:: yaml 98// 99// action: ALLOW 100// policies: 101// "service-admin": 102// permissions: 103// - any: true 104// principals: 105// - authenticated: 106// principal_name: 107// exact: "cluster.local/ns/default/sa/admin" 108// - authenticated: 109// principal_name: 110// exact: "cluster.local/ns/default/sa/superuser" 111// "product-viewer": 112// permissions: 113// - and_rules: 114// rules: 115// - header: { name: ":method", exact_match: "GET" } 116// - url_path: 117// path: { prefix: "/products" } 118// - or_rules: 119// rules: 120// - destination_port: 80 121// - destination_port: 443 122// principals: 123// - any: true 124// 125type RBAC struct { 126 state protoimpl.MessageState 127 sizeCache protoimpl.SizeCache 128 unknownFields protoimpl.UnknownFields 129 130 // The action to take if a policy matches. The request is allowed if and only if: 131 // 132 // * `action` is "ALLOWED" and at least one policy matches 133 // * `action` is "DENY" and none of the policies match 134 Action RBAC_Action `protobuf:"varint,1,opt,name=action,proto3,enum=envoy.config.rbac.v2.RBAC_Action" json:"action,omitempty"` 135 // Maps from policy name to policy. A match occurs when at least one policy matches the request. 136 Policies map[string]*Policy `protobuf:"bytes,2,rep,name=policies,proto3" json:"policies,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` 137} 138 139func (x *RBAC) Reset() { 140 *x = RBAC{} 141 if protoimpl.UnsafeEnabled { 142 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[0] 143 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 144 ms.StoreMessageInfo(mi) 145 } 146} 147 148func (x *RBAC) String() string { 149 return protoimpl.X.MessageStringOf(x) 150} 151 152func (*RBAC) ProtoMessage() {} 153 154func (x *RBAC) ProtoReflect() protoreflect.Message { 155 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[0] 156 if protoimpl.UnsafeEnabled && x != nil { 157 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 158 if ms.LoadMessageInfo() == nil { 159 ms.StoreMessageInfo(mi) 160 } 161 return ms 162 } 163 return mi.MessageOf(x) 164} 165 166// Deprecated: Use RBAC.ProtoReflect.Descriptor instead. 167func (*RBAC) Descriptor() ([]byte, []int) { 168 return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{0} 169} 170 171func (x *RBAC) GetAction() RBAC_Action { 172 if x != nil { 173 return x.Action 174 } 175 return RBAC_ALLOW 176} 177 178func (x *RBAC) GetPolicies() map[string]*Policy { 179 if x != nil { 180 return x.Policies 181 } 182 return nil 183} 184 185// Policy specifies a role and the principals that are assigned/denied the role. A policy matches if 186// and only if at least one of its permissions match the action taking place AND at least one of its 187// principals match the downstream AND the condition is true if specified. 188type Policy struct { 189 state protoimpl.MessageState 190 sizeCache protoimpl.SizeCache 191 unknownFields protoimpl.UnknownFields 192 193 // Required. The set of permissions that define a role. Each permission is matched with OR 194 // semantics. To match all actions for this policy, a single Permission with the `any` field set 195 // to true should be used. 196 Permissions []*Permission `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"` 197 // Required. The set of principals that are assigned/denied the role based on “action”. Each 198 // principal is matched with OR semantics. To match all downstreams for this policy, a single 199 // Principal with the `any` field set to true should be used. 200 Principals []*Principal `protobuf:"bytes,2,rep,name=principals,proto3" json:"principals,omitempty"` 201 // An optional symbolic expression specifying an access control 202 // :ref:`condition <arch_overview_condition>`. The condition is combined 203 // with the permissions and the principals as a clause with AND semantics. 204 Condition *v1alpha1.Expr `protobuf:"bytes,3,opt,name=condition,proto3" json:"condition,omitempty"` 205} 206 207func (x *Policy) Reset() { 208 *x = Policy{} 209 if protoimpl.UnsafeEnabled { 210 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[1] 211 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 212 ms.StoreMessageInfo(mi) 213 } 214} 215 216func (x *Policy) String() string { 217 return protoimpl.X.MessageStringOf(x) 218} 219 220func (*Policy) ProtoMessage() {} 221 222func (x *Policy) ProtoReflect() protoreflect.Message { 223 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[1] 224 if protoimpl.UnsafeEnabled && x != nil { 225 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 226 if ms.LoadMessageInfo() == nil { 227 ms.StoreMessageInfo(mi) 228 } 229 return ms 230 } 231 return mi.MessageOf(x) 232} 233 234// Deprecated: Use Policy.ProtoReflect.Descriptor instead. 235func (*Policy) Descriptor() ([]byte, []int) { 236 return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{1} 237} 238 239func (x *Policy) GetPermissions() []*Permission { 240 if x != nil { 241 return x.Permissions 242 } 243 return nil 244} 245 246func (x *Policy) GetPrincipals() []*Principal { 247 if x != nil { 248 return x.Principals 249 } 250 return nil 251} 252 253func (x *Policy) GetCondition() *v1alpha1.Expr { 254 if x != nil { 255 return x.Condition 256 } 257 return nil 258} 259 260// Permission defines an action (or actions) that a principal can take. 261// [#next-free-field: 11] 262type Permission struct { 263 state protoimpl.MessageState 264 sizeCache protoimpl.SizeCache 265 unknownFields protoimpl.UnknownFields 266 267 // Types that are assignable to Rule: 268 // *Permission_AndRules 269 // *Permission_OrRules 270 // *Permission_Any 271 // *Permission_Header 272 // *Permission_UrlPath 273 // *Permission_DestinationIp 274 // *Permission_DestinationPort 275 // *Permission_Metadata 276 // *Permission_NotRule 277 // *Permission_RequestedServerName 278 Rule isPermission_Rule `protobuf_oneof:"rule"` 279} 280 281func (x *Permission) Reset() { 282 *x = Permission{} 283 if protoimpl.UnsafeEnabled { 284 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[2] 285 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 286 ms.StoreMessageInfo(mi) 287 } 288} 289 290func (x *Permission) String() string { 291 return protoimpl.X.MessageStringOf(x) 292} 293 294func (*Permission) ProtoMessage() {} 295 296func (x *Permission) ProtoReflect() protoreflect.Message { 297 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[2] 298 if protoimpl.UnsafeEnabled && x != nil { 299 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 300 if ms.LoadMessageInfo() == nil { 301 ms.StoreMessageInfo(mi) 302 } 303 return ms 304 } 305 return mi.MessageOf(x) 306} 307 308// Deprecated: Use Permission.ProtoReflect.Descriptor instead. 309func (*Permission) Descriptor() ([]byte, []int) { 310 return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{2} 311} 312 313func (m *Permission) GetRule() isPermission_Rule { 314 if m != nil { 315 return m.Rule 316 } 317 return nil 318} 319 320func (x *Permission) GetAndRules() *Permission_Set { 321 if x, ok := x.GetRule().(*Permission_AndRules); ok { 322 return x.AndRules 323 } 324 return nil 325} 326 327func (x *Permission) GetOrRules() *Permission_Set { 328 if x, ok := x.GetRule().(*Permission_OrRules); ok { 329 return x.OrRules 330 } 331 return nil 332} 333 334func (x *Permission) GetAny() bool { 335 if x, ok := x.GetRule().(*Permission_Any); ok { 336 return x.Any 337 } 338 return false 339} 340 341func (x *Permission) GetHeader() *route.HeaderMatcher { 342 if x, ok := x.GetRule().(*Permission_Header); ok { 343 return x.Header 344 } 345 return nil 346} 347 348func (x *Permission) GetUrlPath() *matcher.PathMatcher { 349 if x, ok := x.GetRule().(*Permission_UrlPath); ok { 350 return x.UrlPath 351 } 352 return nil 353} 354 355func (x *Permission) GetDestinationIp() *core.CidrRange { 356 if x, ok := x.GetRule().(*Permission_DestinationIp); ok { 357 return x.DestinationIp 358 } 359 return nil 360} 361 362func (x *Permission) GetDestinationPort() uint32 { 363 if x, ok := x.GetRule().(*Permission_DestinationPort); ok { 364 return x.DestinationPort 365 } 366 return 0 367} 368 369func (x *Permission) GetMetadata() *matcher.MetadataMatcher { 370 if x, ok := x.GetRule().(*Permission_Metadata); ok { 371 return x.Metadata 372 } 373 return nil 374} 375 376func (x *Permission) GetNotRule() *Permission { 377 if x, ok := x.GetRule().(*Permission_NotRule); ok { 378 return x.NotRule 379 } 380 return nil 381} 382 383func (x *Permission) GetRequestedServerName() *matcher.StringMatcher { 384 if x, ok := x.GetRule().(*Permission_RequestedServerName); ok { 385 return x.RequestedServerName 386 } 387 return nil 388} 389 390type isPermission_Rule interface { 391 isPermission_Rule() 392} 393 394type Permission_AndRules struct { 395 // A set of rules that all must match in order to define the action. 396 AndRules *Permission_Set `protobuf:"bytes,1,opt,name=and_rules,json=andRules,proto3,oneof"` 397} 398 399type Permission_OrRules struct { 400 // A set of rules where at least one must match in order to define the action. 401 OrRules *Permission_Set `protobuf:"bytes,2,opt,name=or_rules,json=orRules,proto3,oneof"` 402} 403 404type Permission_Any struct { 405 // When any is set, it matches any action. 406 Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof"` 407} 408 409type Permission_Header struct { 410 // A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only 411 // available for HTTP request. 412 // Note: the pseudo-header :path includes the query and fragment string. Use the `url_path` 413 // field if you want to match the URL path without the query and fragment string. 414 Header *route.HeaderMatcher `protobuf:"bytes,4,opt,name=header,proto3,oneof"` 415} 416 417type Permission_UrlPath struct { 418 // A URL path on the incoming HTTP request. Only available for HTTP. 419 UrlPath *matcher.PathMatcher `protobuf:"bytes,10,opt,name=url_path,json=urlPath,proto3,oneof"` 420} 421 422type Permission_DestinationIp struct { 423 // A CIDR block that describes the destination IP. 424 DestinationIp *core.CidrRange `protobuf:"bytes,5,opt,name=destination_ip,json=destinationIp,proto3,oneof"` 425} 426 427type Permission_DestinationPort struct { 428 // A port number that describes the destination port connecting to. 429 DestinationPort uint32 `protobuf:"varint,6,opt,name=destination_port,json=destinationPort,proto3,oneof"` 430} 431 432type Permission_Metadata struct { 433 // Metadata that describes additional information about the action. 434 Metadata *matcher.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,proto3,oneof"` 435} 436 437type Permission_NotRule struct { 438 // Negates matching the provided permission. For instance, if the value of `not_rule` would 439 // match, this permission would not match. Conversely, if the value of `not_rule` would not 440 // match, this permission would match. 441 NotRule *Permission `protobuf:"bytes,8,opt,name=not_rule,json=notRule,proto3,oneof"` 442} 443 444type Permission_RequestedServerName struct { 445 // The request server from the client's connection request. This is 446 // typically TLS SNI. 447 // 448 // .. attention:: 449 // 450 // The behavior of this field may be affected by how Envoy is configured 451 // as explained below. 452 // 453 // * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>` 454 // filter is not added, and if a `FilterChainMatch` is not defined for 455 // the :ref:`server name <envoy_api_field_listener.FilterChainMatch.server_names>`, 456 // a TLS connection's requested SNI server name will be treated as if it 457 // wasn't present. 458 // 459 // * A :ref:`listener filter <arch_overview_listener_filters>` may 460 // overwrite a connection's requested server name within Envoy. 461 // 462 // Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn to 463 // setup SNI. 464 RequestedServerName *matcher.StringMatcher `protobuf:"bytes,9,opt,name=requested_server_name,json=requestedServerName,proto3,oneof"` 465} 466 467func (*Permission_AndRules) isPermission_Rule() {} 468 469func (*Permission_OrRules) isPermission_Rule() {} 470 471func (*Permission_Any) isPermission_Rule() {} 472 473func (*Permission_Header) isPermission_Rule() {} 474 475func (*Permission_UrlPath) isPermission_Rule() {} 476 477func (*Permission_DestinationIp) isPermission_Rule() {} 478 479func (*Permission_DestinationPort) isPermission_Rule() {} 480 481func (*Permission_Metadata) isPermission_Rule() {} 482 483func (*Permission_NotRule) isPermission_Rule() {} 484 485func (*Permission_RequestedServerName) isPermission_Rule() {} 486 487// Principal defines an identity or a group of identities for a downstream subject. 488// [#next-free-field: 12] 489type Principal struct { 490 state protoimpl.MessageState 491 sizeCache protoimpl.SizeCache 492 unknownFields protoimpl.UnknownFields 493 494 // Types that are assignable to Identifier: 495 // *Principal_AndIds 496 // *Principal_OrIds 497 // *Principal_Any 498 // *Principal_Authenticated_ 499 // *Principal_SourceIp 500 // *Principal_DirectRemoteIp 501 // *Principal_RemoteIp 502 // *Principal_Header 503 // *Principal_UrlPath 504 // *Principal_Metadata 505 // *Principal_NotId 506 Identifier isPrincipal_Identifier `protobuf_oneof:"identifier"` 507} 508 509func (x *Principal) Reset() { 510 *x = Principal{} 511 if protoimpl.UnsafeEnabled { 512 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[3] 513 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 514 ms.StoreMessageInfo(mi) 515 } 516} 517 518func (x *Principal) String() string { 519 return protoimpl.X.MessageStringOf(x) 520} 521 522func (*Principal) ProtoMessage() {} 523 524func (x *Principal) ProtoReflect() protoreflect.Message { 525 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[3] 526 if protoimpl.UnsafeEnabled && x != nil { 527 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 528 if ms.LoadMessageInfo() == nil { 529 ms.StoreMessageInfo(mi) 530 } 531 return ms 532 } 533 return mi.MessageOf(x) 534} 535 536// Deprecated: Use Principal.ProtoReflect.Descriptor instead. 537func (*Principal) Descriptor() ([]byte, []int) { 538 return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{3} 539} 540 541func (m *Principal) GetIdentifier() isPrincipal_Identifier { 542 if m != nil { 543 return m.Identifier 544 } 545 return nil 546} 547 548func (x *Principal) GetAndIds() *Principal_Set { 549 if x, ok := x.GetIdentifier().(*Principal_AndIds); ok { 550 return x.AndIds 551 } 552 return nil 553} 554 555func (x *Principal) GetOrIds() *Principal_Set { 556 if x, ok := x.GetIdentifier().(*Principal_OrIds); ok { 557 return x.OrIds 558 } 559 return nil 560} 561 562func (x *Principal) GetAny() bool { 563 if x, ok := x.GetIdentifier().(*Principal_Any); ok { 564 return x.Any 565 } 566 return false 567} 568 569func (x *Principal) GetAuthenticated() *Principal_Authenticated { 570 if x, ok := x.GetIdentifier().(*Principal_Authenticated_); ok { 571 return x.Authenticated 572 } 573 return nil 574} 575 576// Deprecated: Do not use. 577func (x *Principal) GetSourceIp() *core.CidrRange { 578 if x, ok := x.GetIdentifier().(*Principal_SourceIp); ok { 579 return x.SourceIp 580 } 581 return nil 582} 583 584func (x *Principal) GetDirectRemoteIp() *core.CidrRange { 585 if x, ok := x.GetIdentifier().(*Principal_DirectRemoteIp); ok { 586 return x.DirectRemoteIp 587 } 588 return nil 589} 590 591func (x *Principal) GetRemoteIp() *core.CidrRange { 592 if x, ok := x.GetIdentifier().(*Principal_RemoteIp); ok { 593 return x.RemoteIp 594 } 595 return nil 596} 597 598func (x *Principal) GetHeader() *route.HeaderMatcher { 599 if x, ok := x.GetIdentifier().(*Principal_Header); ok { 600 return x.Header 601 } 602 return nil 603} 604 605func (x *Principal) GetUrlPath() *matcher.PathMatcher { 606 if x, ok := x.GetIdentifier().(*Principal_UrlPath); ok { 607 return x.UrlPath 608 } 609 return nil 610} 611 612func (x *Principal) GetMetadata() *matcher.MetadataMatcher { 613 if x, ok := x.GetIdentifier().(*Principal_Metadata); ok { 614 return x.Metadata 615 } 616 return nil 617} 618 619func (x *Principal) GetNotId() *Principal { 620 if x, ok := x.GetIdentifier().(*Principal_NotId); ok { 621 return x.NotId 622 } 623 return nil 624} 625 626type isPrincipal_Identifier interface { 627 isPrincipal_Identifier() 628} 629 630type Principal_AndIds struct { 631 // A set of identifiers that all must match in order to define the downstream. 632 AndIds *Principal_Set `protobuf:"bytes,1,opt,name=and_ids,json=andIds,proto3,oneof"` 633} 634 635type Principal_OrIds struct { 636 // A set of identifiers at least one must match in order to define the downstream. 637 OrIds *Principal_Set `protobuf:"bytes,2,opt,name=or_ids,json=orIds,proto3,oneof"` 638} 639 640type Principal_Any struct { 641 // When any is set, it matches any downstream. 642 Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof"` 643} 644 645type Principal_Authenticated_ struct { 646 // Authenticated attributes that identify the downstream. 647 Authenticated *Principal_Authenticated `protobuf:"bytes,4,opt,name=authenticated,proto3,oneof"` 648} 649 650type Principal_SourceIp struct { 651 // A CIDR block that describes the downstream IP. 652 // This address will honor proxy protocol, but will not honor XFF. 653 // 654 // Deprecated: Do not use. 655 SourceIp *core.CidrRange `protobuf:"bytes,5,opt,name=source_ip,json=sourceIp,proto3,oneof"` 656} 657 658type Principal_DirectRemoteIp struct { 659 // A CIDR block that describes the downstream remote/origin address. 660 // Note: This is always the physical peer even if the 661 // :ref:`remote_ip <envoy_api_field_config.rbac.v2.Principal.remote_ip>` is inferred 662 // from for example the x-forwarder-for header, proxy protocol, etc. 663 DirectRemoteIp *core.CidrRange `protobuf:"bytes,10,opt,name=direct_remote_ip,json=directRemoteIp,proto3,oneof"` 664} 665 666type Principal_RemoteIp struct { 667 // A CIDR block that describes the downstream remote/origin address. 668 // Note: This may not be the physical peer and could be different from the 669 // :ref:`direct_remote_ip <envoy_api_field_config.rbac.v2.Principal.direct_remote_ip>`. 670 // E.g, if the remote ip is inferred from for example the x-forwarder-for header, 671 // proxy protocol, etc. 672 RemoteIp *core.CidrRange `protobuf:"bytes,11,opt,name=remote_ip,json=remoteIp,proto3,oneof"` 673} 674 675type Principal_Header struct { 676 // A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only 677 // available for HTTP request. 678 // Note: the pseudo-header :path includes the query and fragment string. Use the `url_path` 679 // field if you want to match the URL path without the query and fragment string. 680 Header *route.HeaderMatcher `protobuf:"bytes,6,opt,name=header,proto3,oneof"` 681} 682 683type Principal_UrlPath struct { 684 // A URL path on the incoming HTTP request. Only available for HTTP. 685 UrlPath *matcher.PathMatcher `protobuf:"bytes,9,opt,name=url_path,json=urlPath,proto3,oneof"` 686} 687 688type Principal_Metadata struct { 689 // Metadata that describes additional information about the principal. 690 Metadata *matcher.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,proto3,oneof"` 691} 692 693type Principal_NotId struct { 694 // Negates matching the provided principal. For instance, if the value of `not_id` would match, 695 // this principal would not match. Conversely, if the value of `not_id` would not match, this 696 // principal would match. 697 NotId *Principal `protobuf:"bytes,8,opt,name=not_id,json=notId,proto3,oneof"` 698} 699 700func (*Principal_AndIds) isPrincipal_Identifier() {} 701 702func (*Principal_OrIds) isPrincipal_Identifier() {} 703 704func (*Principal_Any) isPrincipal_Identifier() {} 705 706func (*Principal_Authenticated_) isPrincipal_Identifier() {} 707 708func (*Principal_SourceIp) isPrincipal_Identifier() {} 709 710func (*Principal_DirectRemoteIp) isPrincipal_Identifier() {} 711 712func (*Principal_RemoteIp) isPrincipal_Identifier() {} 713 714func (*Principal_Header) isPrincipal_Identifier() {} 715 716func (*Principal_UrlPath) isPrincipal_Identifier() {} 717 718func (*Principal_Metadata) isPrincipal_Identifier() {} 719 720func (*Principal_NotId) isPrincipal_Identifier() {} 721 722// Used in the `and_rules` and `or_rules` fields in the `rule` oneof. Depending on the context, 723// each are applied with the associated behavior. 724type Permission_Set struct { 725 state protoimpl.MessageState 726 sizeCache protoimpl.SizeCache 727 unknownFields protoimpl.UnknownFields 728 729 Rules []*Permission `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"` 730} 731 732func (x *Permission_Set) Reset() { 733 *x = Permission_Set{} 734 if protoimpl.UnsafeEnabled { 735 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[5] 736 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 737 ms.StoreMessageInfo(mi) 738 } 739} 740 741func (x *Permission_Set) String() string { 742 return protoimpl.X.MessageStringOf(x) 743} 744 745func (*Permission_Set) ProtoMessage() {} 746 747func (x *Permission_Set) ProtoReflect() protoreflect.Message { 748 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[5] 749 if protoimpl.UnsafeEnabled && x != nil { 750 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 751 if ms.LoadMessageInfo() == nil { 752 ms.StoreMessageInfo(mi) 753 } 754 return ms 755 } 756 return mi.MessageOf(x) 757} 758 759// Deprecated: Use Permission_Set.ProtoReflect.Descriptor instead. 760func (*Permission_Set) Descriptor() ([]byte, []int) { 761 return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{2, 0} 762} 763 764func (x *Permission_Set) GetRules() []*Permission { 765 if x != nil { 766 return x.Rules 767 } 768 return nil 769} 770 771// Used in the `and_ids` and `or_ids` fields in the `identifier` oneof. Depending on the context, 772// each are applied with the associated behavior. 773type Principal_Set struct { 774 state protoimpl.MessageState 775 sizeCache protoimpl.SizeCache 776 unknownFields protoimpl.UnknownFields 777 778 Ids []*Principal `protobuf:"bytes,1,rep,name=ids,proto3" json:"ids,omitempty"` 779} 780 781func (x *Principal_Set) Reset() { 782 *x = Principal_Set{} 783 if protoimpl.UnsafeEnabled { 784 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[6] 785 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 786 ms.StoreMessageInfo(mi) 787 } 788} 789 790func (x *Principal_Set) String() string { 791 return protoimpl.X.MessageStringOf(x) 792} 793 794func (*Principal_Set) ProtoMessage() {} 795 796func (x *Principal_Set) ProtoReflect() protoreflect.Message { 797 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[6] 798 if protoimpl.UnsafeEnabled && x != nil { 799 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 800 if ms.LoadMessageInfo() == nil { 801 ms.StoreMessageInfo(mi) 802 } 803 return ms 804 } 805 return mi.MessageOf(x) 806} 807 808// Deprecated: Use Principal_Set.ProtoReflect.Descriptor instead. 809func (*Principal_Set) Descriptor() ([]byte, []int) { 810 return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{3, 0} 811} 812 813func (x *Principal_Set) GetIds() []*Principal { 814 if x != nil { 815 return x.Ids 816 } 817 return nil 818} 819 820// Authentication attributes for a downstream. 821type Principal_Authenticated struct { 822 state protoimpl.MessageState 823 sizeCache protoimpl.SizeCache 824 unknownFields protoimpl.UnknownFields 825 826 // The name of the principal. If set, The URI SAN or DNS SAN in that order is used from the 827 // certificate, otherwise the subject field is used. If unset, it applies to any user that is 828 // authenticated. 829 PrincipalName *matcher.StringMatcher `protobuf:"bytes,2,opt,name=principal_name,json=principalName,proto3" json:"principal_name,omitempty"` 830} 831 832func (x *Principal_Authenticated) Reset() { 833 *x = Principal_Authenticated{} 834 if protoimpl.UnsafeEnabled { 835 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[7] 836 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 837 ms.StoreMessageInfo(mi) 838 } 839} 840 841func (x *Principal_Authenticated) String() string { 842 return protoimpl.X.MessageStringOf(x) 843} 844 845func (*Principal_Authenticated) ProtoMessage() {} 846 847func (x *Principal_Authenticated) ProtoReflect() protoreflect.Message { 848 mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[7] 849 if protoimpl.UnsafeEnabled && x != nil { 850 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 851 if ms.LoadMessageInfo() == nil { 852 ms.StoreMessageInfo(mi) 853 } 854 return ms 855 } 856 return mi.MessageOf(x) 857} 858 859// Deprecated: Use Principal_Authenticated.ProtoReflect.Descriptor instead. 860func (*Principal_Authenticated) Descriptor() ([]byte, []int) { 861 return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{3, 1} 862} 863 864func (x *Principal_Authenticated) GetPrincipalName() *matcher.StringMatcher { 865 if x != nil { 866 return x.PrincipalName 867 } 868 return nil 869} 870 871var File_envoy_config_rbac_v2_rbac_proto protoreflect.FileDescriptor 872 873var file_envoy_config_rbac_v2_rbac_proto_rawDesc = []byte{ 874 0x0a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x72, 875 0x62, 0x61, 0x63, 0x2f, 0x76, 0x32, 0x2f, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 876 0x6f, 0x12, 0x14, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 877 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x1a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x61, 878 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x61, 0x64, 0x64, 0x72, 0x65, 879 0x73, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 880 0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2f, 0x72, 0x6f, 0x75, 881 0x74, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x2e, 0x70, 0x72, 882 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x2f, 883 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 884 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x74, 0x79, 885 0x70, 0x65, 0x2f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x70, 0x61, 0x74, 0x68, 0x2e, 886 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x74, 0x79, 0x70, 887 0x65, 0x2f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 888 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x25, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 889 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 890 0x2f, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x75, 891 0x64, 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 892 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x76, 0x61, 893 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 894 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x81, 0x02, 0x0a, 0x04, 0x52, 0x42, 0x41, 0x43, 0x12, 0x39, 895 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 896 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 897 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x42, 0x41, 0x43, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 898 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x44, 0x0a, 0x08, 0x70, 0x6f, 0x6c, 899 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x65, 0x6e, 900 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 901 0x76, 0x32, 0x2e, 0x52, 0x42, 0x41, 0x43, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 902 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x1a, 903 0x59, 0x0a, 0x0d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 904 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 905 0x65, 0x79, 0x12, 0x32, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 906 0x0b, 0x32, 0x1c, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 907 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 908 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x1d, 0x0a, 0x06, 0x41, 0x63, 909 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x10, 0x00, 0x12, 910 0x08, 0x0a, 0x04, 0x44, 0x45, 0x4e, 0x59, 0x10, 0x01, 0x22, 0xdf, 0x01, 0x0a, 0x06, 0x50, 0x6f, 911 0x6c, 0x69, 0x63, 0x79, 0x12, 0x4c, 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 912 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 913 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 914 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x08, 0xfa, 0x42, 0x05, 915 0x92, 0x01, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 916 0x6e, 0x73, 0x12, 0x49, 0x0a, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 917 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 918 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x72, 919 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x92, 0x01, 0x02, 0x08, 920 0x01, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x3c, 0x0a, 921 0x09, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 922 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 923 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 924 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xdc, 0x05, 0x0a, 0x0a, 925 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x43, 0x0a, 0x09, 0x61, 0x6e, 926 0x64, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 927 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 928 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x2e, 929 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x08, 0x61, 0x6e, 0x64, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x12, 930 0x41, 0x0a, 0x08, 0x6f, 0x72, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 931 0x0b, 0x32, 0x24, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 932 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 933 0x69, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x07, 0x6f, 0x72, 0x52, 0x75, 0x6c, 934 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x03, 0x61, 0x6e, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x42, 935 0x07, 0xfa, 0x42, 0x04, 0x6a, 0x02, 0x08, 0x01, 0x48, 0x00, 0x52, 0x03, 0x61, 0x6e, 0x79, 0x12, 936 0x3b, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 937 0x21, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x72, 938 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 939 0x65, 0x72, 0x48, 0x00, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x3c, 0x0a, 0x08, 940 0x75, 0x72, 0x6c, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 941 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 942 0x68, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x48, 943 0x00, 0x52, 0x07, 0x75, 0x72, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x12, 0x45, 0x0a, 0x0e, 0x64, 0x65, 944 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x70, 0x18, 0x05, 0x20, 0x01, 945 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 946 0x32, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 947 0x48, 0x00, 0x52, 0x0d, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 948 0x70, 0x12, 0x36, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 949 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x09, 0xfa, 0x42, 0x06, 950 0x2a, 0x04, 0x18, 0xff, 0xff, 0x03, 0x48, 0x00, 0x52, 0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 951 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x41, 0x0a, 0x08, 0x6d, 0x65, 0x74, 952 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x65, 0x6e, 953 0x76, 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 954 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 955 0x48, 0x00, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x3d, 0x0a, 0x08, 956 0x6e, 0x6f, 0x74, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 957 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 958 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 959 0x48, 0x00, 0x52, 0x07, 0x6e, 0x6f, 0x74, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x57, 0x0a, 0x15, 0x72, 960 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 961 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x65, 0x6e, 0x76, 962 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 963 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x48, 0x00, 0x52, 964 0x13, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 965 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x47, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x12, 0x40, 0x0a, 0x05, 0x72, 966 0x75, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 0x6e, 0x76, 967 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 968 0x32, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x08, 0xfa, 0x42, 969 0x05, 0x92, 0x01, 0x02, 0x08, 0x01, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x42, 0x0b, 0x0a, 970 0x04, 0x72, 0x75, 0x6c, 0x65, 0x12, 0x03, 0xf8, 0x42, 0x01, 0x22, 0xf5, 0x06, 0x0a, 0x09, 0x50, 971 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x3e, 0x0a, 0x07, 0x61, 0x6e, 0x64, 0x5f, 972 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 973 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 974 0x2e, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x2e, 0x53, 0x65, 0x74, 0x48, 0x00, 975 0x52, 0x06, 0x61, 0x6e, 0x64, 0x49, 0x64, 0x73, 0x12, 0x3c, 0x0a, 0x06, 0x6f, 0x72, 0x5f, 0x69, 976 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 977 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 978 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x2e, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 979 0x05, 0x6f, 0x72, 0x49, 0x64, 0x73, 0x12, 0x1b, 0x0a, 0x03, 0x61, 0x6e, 0x79, 0x18, 0x03, 0x20, 980 0x01, 0x28, 0x08, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x6a, 0x02, 0x08, 0x01, 0x48, 0x00, 0x52, 0x03, 981 0x61, 0x6e, 0x79, 0x12, 0x55, 0x0a, 0x0d, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 982 0x61, 0x74, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x65, 0x6e, 0x76, 983 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 984 0x32, 0x2e, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x2e, 0x41, 0x75, 0x74, 0x68, 985 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x48, 0x00, 0x52, 0x0d, 0x61, 0x75, 0x74, 986 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x3f, 0x0a, 0x09, 0x73, 0x6f, 987 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 988 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72, 989 0x65, 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x42, 0x02, 0x18, 0x01, 0x48, 990 0x00, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x48, 0x0a, 0x10, 0x64, 991 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x69, 0x70, 0x18, 992 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 993 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 994 0x6e, 0x67, 0x65, 0x48, 0x00, 0x52, 0x0e, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x6d, 995 0x6f, 0x74, 0x65, 0x49, 0x70, 0x12, 0x3b, 0x0a, 0x09, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f, 996 0x69, 0x70, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 997 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x69, 0x64, 998 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x48, 0x00, 0x52, 0x08, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 999 0x49, 0x70, 0x12, 0x3b, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 1000 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 1001 0x32, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 1002 0x74, 0x63, 0x68, 0x65, 0x72, 0x48, 0x00, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 1003 0x3c, 0x0a, 0x08, 0x75, 0x72, 0x6c, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x09, 0x20, 0x01, 0x28, 1004 0x0b, 0x32, 0x1f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 1005 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 1006 0x65, 0x72, 0x48, 0x00, 0x52, 0x07, 0x75, 0x72, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x12, 0x41, 0x0a, 1007 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 1008 0x23, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 1009 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x61, 0x74, 1010 0x63, 0x68, 0x65, 0x72, 0x48, 0x00, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 1011 0x12, 0x38, 0x0a, 0x06, 0x6e, 0x6f, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 1012 0x32, 0x1f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 1013 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 1014 0x6c, 0x48, 0x00, 0x52, 0x05, 0x6e, 0x6f, 0x74, 0x49, 0x64, 0x1a, 0x42, 0x0a, 0x03, 0x53, 0x65, 1015 0x74, 0x12, 0x3b, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 1016 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 1017 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x42, 1018 0x08, 0xfa, 0x42, 0x05, 0x92, 0x01, 0x02, 0x08, 0x01, 0x52, 0x03, 0x69, 0x64, 0x73, 0x1a, 0x5f, 1019 0x0a, 0x0d, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 1020 0x48, 0x0a, 0x0e, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 1021 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 1022 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x53, 0x74, 0x72, 1023 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x52, 0x0d, 0x70, 0x72, 0x69, 0x6e, 1024 0x63, 0x69, 0x70, 0x61, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x42, 1025 0x11, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x03, 0xf8, 1026 0x42, 0x01, 0x42, 0x39, 0x0a, 0x22, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 1027 0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 1028 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x42, 0x09, 0x52, 0x62, 0x61, 0x63, 0x50, 0x72, 1029 0x6f, 0x74, 0x6f, 0x50, 0x01, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x01, 0x62, 0x06, 0x70, 1030 0x72, 0x6f, 0x74, 0x6f, 0x33, 1031} 1032 1033var ( 1034 file_envoy_config_rbac_v2_rbac_proto_rawDescOnce sync.Once 1035 file_envoy_config_rbac_v2_rbac_proto_rawDescData = file_envoy_config_rbac_v2_rbac_proto_rawDesc 1036) 1037 1038func file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP() []byte { 1039 file_envoy_config_rbac_v2_rbac_proto_rawDescOnce.Do(func() { 1040 file_envoy_config_rbac_v2_rbac_proto_rawDescData = protoimpl.X.CompressGZIP(file_envoy_config_rbac_v2_rbac_proto_rawDescData) 1041 }) 1042 return file_envoy_config_rbac_v2_rbac_proto_rawDescData 1043} 1044 1045var file_envoy_config_rbac_v2_rbac_proto_enumTypes = make([]protoimpl.EnumInfo, 1) 1046var file_envoy_config_rbac_v2_rbac_proto_msgTypes = make([]protoimpl.MessageInfo, 8) 1047var file_envoy_config_rbac_v2_rbac_proto_goTypes = []interface{}{ 1048 (RBAC_Action)(0), // 0: envoy.config.rbac.v2.RBAC.Action 1049 (*RBAC)(nil), // 1: envoy.config.rbac.v2.RBAC 1050 (*Policy)(nil), // 2: envoy.config.rbac.v2.Policy 1051 (*Permission)(nil), // 3: envoy.config.rbac.v2.Permission 1052 (*Principal)(nil), // 4: envoy.config.rbac.v2.Principal 1053 nil, // 5: envoy.config.rbac.v2.RBAC.PoliciesEntry 1054 (*Permission_Set)(nil), // 6: envoy.config.rbac.v2.Permission.Set 1055 (*Principal_Set)(nil), // 7: envoy.config.rbac.v2.Principal.Set 1056 (*Principal_Authenticated)(nil), // 8: envoy.config.rbac.v2.Principal.Authenticated 1057 (*v1alpha1.Expr)(nil), // 9: google.api.expr.v1alpha1.Expr 1058 (*route.HeaderMatcher)(nil), // 10: envoy.api.v2.route.HeaderMatcher 1059 (*matcher.PathMatcher)(nil), // 11: envoy.type.matcher.PathMatcher 1060 (*core.CidrRange)(nil), // 12: envoy.api.v2.core.CidrRange 1061 (*matcher.MetadataMatcher)(nil), // 13: envoy.type.matcher.MetadataMatcher 1062 (*matcher.StringMatcher)(nil), // 14: envoy.type.matcher.StringMatcher 1063} 1064var file_envoy_config_rbac_v2_rbac_proto_depIdxs = []int32{ 1065 0, // 0: envoy.config.rbac.v2.RBAC.action:type_name -> envoy.config.rbac.v2.RBAC.Action 1066 5, // 1: envoy.config.rbac.v2.RBAC.policies:type_name -> envoy.config.rbac.v2.RBAC.PoliciesEntry 1067 3, // 2: envoy.config.rbac.v2.Policy.permissions:type_name -> envoy.config.rbac.v2.Permission 1068 4, // 3: envoy.config.rbac.v2.Policy.principals:type_name -> envoy.config.rbac.v2.Principal 1069 9, // 4: envoy.config.rbac.v2.Policy.condition:type_name -> google.api.expr.v1alpha1.Expr 1070 6, // 5: envoy.config.rbac.v2.Permission.and_rules:type_name -> envoy.config.rbac.v2.Permission.Set 1071 6, // 6: envoy.config.rbac.v2.Permission.or_rules:type_name -> envoy.config.rbac.v2.Permission.Set 1072 10, // 7: envoy.config.rbac.v2.Permission.header:type_name -> envoy.api.v2.route.HeaderMatcher 1073 11, // 8: envoy.config.rbac.v2.Permission.url_path:type_name -> envoy.type.matcher.PathMatcher 1074 12, // 9: envoy.config.rbac.v2.Permission.destination_ip:type_name -> envoy.api.v2.core.CidrRange 1075 13, // 10: envoy.config.rbac.v2.Permission.metadata:type_name -> envoy.type.matcher.MetadataMatcher 1076 3, // 11: envoy.config.rbac.v2.Permission.not_rule:type_name -> envoy.config.rbac.v2.Permission 1077 14, // 12: envoy.config.rbac.v2.Permission.requested_server_name:type_name -> envoy.type.matcher.StringMatcher 1078 7, // 13: envoy.config.rbac.v2.Principal.and_ids:type_name -> envoy.config.rbac.v2.Principal.Set 1079 7, // 14: envoy.config.rbac.v2.Principal.or_ids:type_name -> envoy.config.rbac.v2.Principal.Set 1080 8, // 15: envoy.config.rbac.v2.Principal.authenticated:type_name -> envoy.config.rbac.v2.Principal.Authenticated 1081 12, // 16: envoy.config.rbac.v2.Principal.source_ip:type_name -> envoy.api.v2.core.CidrRange 1082 12, // 17: envoy.config.rbac.v2.Principal.direct_remote_ip:type_name -> envoy.api.v2.core.CidrRange 1083 12, // 18: envoy.config.rbac.v2.Principal.remote_ip:type_name -> envoy.api.v2.core.CidrRange 1084 10, // 19: envoy.config.rbac.v2.Principal.header:type_name -> envoy.api.v2.route.HeaderMatcher 1085 11, // 20: envoy.config.rbac.v2.Principal.url_path:type_name -> envoy.type.matcher.PathMatcher 1086 13, // 21: envoy.config.rbac.v2.Principal.metadata:type_name -> envoy.type.matcher.MetadataMatcher 1087 4, // 22: envoy.config.rbac.v2.Principal.not_id:type_name -> envoy.config.rbac.v2.Principal 1088 2, // 23: envoy.config.rbac.v2.RBAC.PoliciesEntry.value:type_name -> envoy.config.rbac.v2.Policy 1089 3, // 24: envoy.config.rbac.v2.Permission.Set.rules:type_name -> envoy.config.rbac.v2.Permission 1090 4, // 25: envoy.config.rbac.v2.Principal.Set.ids:type_name -> envoy.config.rbac.v2.Principal 1091 14, // 26: envoy.config.rbac.v2.Principal.Authenticated.principal_name:type_name -> envoy.type.matcher.StringMatcher 1092 27, // [27:27] is the sub-list for method output_type 1093 27, // [27:27] is the sub-list for method input_type 1094 27, // [27:27] is the sub-list for extension type_name 1095 27, // [27:27] is the sub-list for extension extendee 1096 0, // [0:27] is the sub-list for field type_name 1097} 1098 1099func init() { file_envoy_config_rbac_v2_rbac_proto_init() } 1100func file_envoy_config_rbac_v2_rbac_proto_init() { 1101 if File_envoy_config_rbac_v2_rbac_proto != nil { 1102 return 1103 } 1104 if !protoimpl.UnsafeEnabled { 1105 file_envoy_config_rbac_v2_rbac_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { 1106 switch v := v.(*RBAC); i { 1107 case 0: 1108 return &v.state 1109 case 1: 1110 return &v.sizeCache 1111 case 2: 1112 return &v.unknownFields 1113 default: 1114 return nil 1115 } 1116 } 1117 file_envoy_config_rbac_v2_rbac_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { 1118 switch v := v.(*Policy); i { 1119 case 0: 1120 return &v.state 1121 case 1: 1122 return &v.sizeCache 1123 case 2: 1124 return &v.unknownFields 1125 default: 1126 return nil 1127 } 1128 } 1129 file_envoy_config_rbac_v2_rbac_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { 1130 switch v := v.(*Permission); i { 1131 case 0: 1132 return &v.state 1133 case 1: 1134 return &v.sizeCache 1135 case 2: 1136 return &v.unknownFields 1137 default: 1138 return nil 1139 } 1140 } 1141 file_envoy_config_rbac_v2_rbac_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { 1142 switch v := v.(*Principal); i { 1143 case 0: 1144 return &v.state 1145 case 1: 1146 return &v.sizeCache 1147 case 2: 1148 return &v.unknownFields 1149 default: 1150 return nil 1151 } 1152 } 1153 file_envoy_config_rbac_v2_rbac_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { 1154 switch v := v.(*Permission_Set); i { 1155 case 0: 1156 return &v.state 1157 case 1: 1158 return &v.sizeCache 1159 case 2: 1160 return &v.unknownFields 1161 default: 1162 return nil 1163 } 1164 } 1165 file_envoy_config_rbac_v2_rbac_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { 1166 switch v := v.(*Principal_Set); i { 1167 case 0: 1168 return &v.state 1169 case 1: 1170 return &v.sizeCache 1171 case 2: 1172 return &v.unknownFields 1173 default: 1174 return nil 1175 } 1176 } 1177 file_envoy_config_rbac_v2_rbac_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { 1178 switch v := v.(*Principal_Authenticated); i { 1179 case 0: 1180 return &v.state 1181 case 1: 1182 return &v.sizeCache 1183 case 2: 1184 return &v.unknownFields 1185 default: 1186 return nil 1187 } 1188 } 1189 } 1190 file_envoy_config_rbac_v2_rbac_proto_msgTypes[2].OneofWrappers = []interface{}{ 1191 (*Permission_AndRules)(nil), 1192 (*Permission_OrRules)(nil), 1193 (*Permission_Any)(nil), 1194 (*Permission_Header)(nil), 1195 (*Permission_UrlPath)(nil), 1196 (*Permission_DestinationIp)(nil), 1197 (*Permission_DestinationPort)(nil), 1198 (*Permission_Metadata)(nil), 1199 (*Permission_NotRule)(nil), 1200 (*Permission_RequestedServerName)(nil), 1201 } 1202 file_envoy_config_rbac_v2_rbac_proto_msgTypes[3].OneofWrappers = []interface{}{ 1203 (*Principal_AndIds)(nil), 1204 (*Principal_OrIds)(nil), 1205 (*Principal_Any)(nil), 1206 (*Principal_Authenticated_)(nil), 1207 (*Principal_SourceIp)(nil), 1208 (*Principal_DirectRemoteIp)(nil), 1209 (*Principal_RemoteIp)(nil), 1210 (*Principal_Header)(nil), 1211 (*Principal_UrlPath)(nil), 1212 (*Principal_Metadata)(nil), 1213 (*Principal_NotId)(nil), 1214 } 1215 type x struct{} 1216 out := protoimpl.TypeBuilder{ 1217 File: protoimpl.DescBuilder{ 1218 GoPackagePath: reflect.TypeOf(x{}).PkgPath(), 1219 RawDescriptor: file_envoy_config_rbac_v2_rbac_proto_rawDesc, 1220 NumEnums: 1, 1221 NumMessages: 8, 1222 NumExtensions: 0, 1223 NumServices: 0, 1224 }, 1225 GoTypes: file_envoy_config_rbac_v2_rbac_proto_goTypes, 1226 DependencyIndexes: file_envoy_config_rbac_v2_rbac_proto_depIdxs, 1227 EnumInfos: file_envoy_config_rbac_v2_rbac_proto_enumTypes, 1228 MessageInfos: file_envoy_config_rbac_v2_rbac_proto_msgTypes, 1229 }.Build() 1230 File_envoy_config_rbac_v2_rbac_proto = out.File 1231 file_envoy_config_rbac_v2_rbac_proto_rawDesc = nil 1232 file_envoy_config_rbac_v2_rbac_proto_goTypes = nil 1233 file_envoy_config_rbac_v2_rbac_proto_depIdxs = nil 1234} 1235